Which of the following is NOT one? Use the classified network for all work, including unclassified work.C. Proprietary dataB. (Spillage) When classified data is not in use, how can you protect it? Issues with Cyber Awareness Challenge. Software that installs itself without the users knowledge. Below are most asked questions (scroll down). Connect to the Government Virtual Private Network (VPN). What is required for an individual to access classified data? Under what circumstances is it acceptable to check personal email on Government-furnished equipment (GFE)? Which of the following is a practice that helps to protect you from identity theft? The annual Cyber Awareness Challenge is a course that helps authorized users learn how to best avoid and reduce threats and vulnerabilities in an organization's system. What portable electronic devices (PEDs) are permitted in a SCIF? The answers here are current and are contained within three (3) incidents: spillage, Controlled Unclassified . (Malicious Code) What is a common indicator of a phishing attempt? attempt to change the subject to something non-work related, but neither confirm nor deny the article's authenticity. Decline So That You Maintain Physical Control of Your Government-Issued Laptop. *Sensitive Information Under what circumstances could classified information be considered a threat to national security? What describes how Sensitive Compartmented Information is marked? **Classified Data How should you protect a printed classified document when it is not in use? If authorized, what can be done on a work computer? Of the following, which is NOT a method to protect sensitive information? Which of the following statements is TRUE about the use of DoD Public Key Infrastructure (PKI) tokens? (Insider Threat) A colleague vacations at the beach every year, is married and a father of four, his work quality is sometimes poor, and he is pleasant to work with. Which of the following is true of Protected Health Information (PHI)? Biology Mary Ann Clark, Jung Choi, Matthew Douglas. (Spillage) What is required for an individual to access classified data? correct. Do NOT download it or you may create a new case of spillage. Since 2004, the President of the United States and Congress have declared October to be Cybersecurity Awareness Month, helping individuals protect themselves online as threats to technology and confidential data become more commonplace. Use your own security badge, key code, or Common Access Card (CAC)/Personal Identity Verification (PIV) card. A vendor conducting a pilot program with your organization contacts you for organizational data to use in a prototype. Which of the following is NOT a correct way to protect CUI? (removable media) If an incident occurs involving removable media in a Sensitive Compartmented Information Facility (SCIF), what action should you take? Only when badging inB. Classified DVD distribution should be controlled just like any other classified media. Being cognizant of classification markings and labeling practices are good strategies to avoid inadvertent spillage. Secure it to the same level as Government-issued systems. If you participate in or condone it at any time. Which of the following is NOT a typical means for spreading malicious code? Correct. Refer the vendor to the appropriate personnel. (Wrong). *Spillage What should you do if a reporter asks you about potentially classified information on the web? Do not access website links in email messages.. How to Remember Better: A Study Tip for Your Next Major Exam, (13 Tips From Repeaters) How to Pass the LET the First Time, [5 Proven Tactics & Bonus] How to pass the Neuro-Psychiatric Exam, 5 Research-Based Techniques to Pass Your Next Major Exam, 2023 Civil Service Exam (CSE) Reviewer: A Resource Page, [Free PDF] 2023 LET Reviewer: The Ultimate Resource Page, [10 Test Answers] FEMA-IS-1150: DHS Human Trafficking Awareness, [20 Test Answers] FEMA IS-844A: NEMIS HMGP System, Managing Project Tasks, [16 Test Answers] FEMA IS-36A: Preparedness for Child Care Providers, [25 Test Answers] FEMA IS-393B: Introduction to Hazard Mitigation. What information most likely presents a security risk on your personal social networking profile? **Mobile Devices Which is a rule for removable media, other portable electronic devices (PEDs), and mobile computing devices to protect Government systems? They provide guidance on reasons for and duration of classification of information. 24 terms. Appropriate clearance, a signed and approved non-disclosure agreement, and need-to-know, Insiders are given a level of trust and have authorized access to Government information systems. [Scene]: Which of the following is true about telework?A. Have your permissions from your organization, follow your organization guideline, use authorized equipment and software, employ cyber security best practice, perform telework in dedicated when home. Debra ensures not correct Choose DOD Cyber Awareness Training-Take Training. How do you respond? The training also reinforces best practices to protect classified, controlled unclassified information (CUI), and personally identifiable information (PII). To start using the toolkits, select a security functional area. CPCON 5 (Very Low: All Functions). As a security best practice, what should you do before exiting? A Knowledge Check option is available for users who have successfully completed the previous version of the course. Leaked classified or controlled information is still classified/controlled even if it has already been compromised. **Physical Security Within a secure area, you see an individual who you do not know and is not wearing a visible badge. Information Assurance Test Information Assurance Test Logged in as: OAM-L2CTBMLB USER LEVEL ACCESS Please answer each of the questions below by choosing ONE of the answer choices based on the information learned in the Cyber Awareness Challenge. Which of the following is NOT considered sensitive information? Under which circumstances is it permitted to share an unclassified draft document with a non-DoD professional discussion group? How should you respond? Label all files, removable media, and subject headers.B. 40 terms. (Spillage) What should you do if a reporter asks you about potentially classified information on the web? What should you do? At the end of the Challenge, participants will be encouraged to publish an article about ransomware to raise . What is the best choice to describe what has occurred? Which of the following should be reported as a potential security incident (in accordance with your Agencys insider threat policy)? Cyber Awareness Challenge 2023. ~All documents should be appropriately marked, regardless of format, sensitivity, or classification. **Removable Media in a SCIF What action should you take when using removable media in a Sensitive Compartmented Information Facility (SCIF)? Which of the following is NOT a correct way to protect sensitive information? Which of the following represents a good physical security practice? When traveling or working away from your main location, what steps should you take to protect your devices and data? Note any identifying information and the websites Uniform Resource Locator (URL). Which is a rule for removable media, other portable electronic devices (PEDs), and mobile computing devices to protect Government systems? CUI may be emailed if encrypted. laptops, fitness bands, tablets, smartphones, electric readers, and Bluetooth devices. Dont assume open storage in a secure facility is authorized Maybe. Which of the following should be done to keep your home computer secure? Analyze the media for viruses or malicious codeC. Which may be a security issue with compressed urls? Which of the following is an example of malicious code? **Identity management What is the best way to protect your Common Access Card (CAC)? adversaries mc. (Must be new, do not continue) Progress until you see the main button 'Start Challenge' button. You must have your organizations permission to telework. NOTE: Malicious code can cause damage by corrupting files, erasing your hard drive, and/or allowing hackers access. Attachments contained in a digitally signed email from someone known. A colleague is playful and charming, consistently wins performance awards, and is occasionally aggressive in trying to access classified information. Which of the following is NOT a typical result from running malicious code? Which of the following is a good practice to prevent spillage? How many potential insider threat indicators does this employee display? (Malicious Code) Which email attachments are generally SAFE to open? What should Sara do when publicly available Internet, such as hotel Wi-Fi? Someone who uses authorized access, wittingly or unwittingly, to harm national security through unauthorized disclosure or other actions that may cause the loss or degradation of resources or capabilities. Only connect with the Government VPNB. **Removable Media in a SCIF What portable electronic devices (PEDs) are allowed in a Sensitive Compartmented Information Facility (SCIF)? Allowing hackers accessD. You must have your organizations permission to telework.C. What action should you take if you receive a friend request on your social networking website from someone in Germany you met casually at a conference last year? Ive tried all the answers and it still tells me off, part 2. *Spillage What should you do when you are working on an unclassified system and receive an email with a classified attachment? Unclassified documents do not need to be marked as a SCIF. Using NIPRNet tokens on systems of higher classification level. Tell us about it through the REPORT button at the bottom of the page. What action should you take? Which of the following makes Alexs personal information vulnerable to attacks by identity thieves? Cyber Awareness Challenge 2023 (Incomplete) 122 terms. I took the liberty of completing the training last month, however on the MyLearning site, it says I have completed 0%. The website requires a credit card for registration. Skip the coffee break and remain at his workstation. Decline to let the person in and redirect her to security.C. Only documents that are classified Secret, Top Secret, or SCI require marking. Which is a risk associated with removable media? (Sensitive Information) Which of the following represents a good physical security practice? Spillage because classified data was moved to a lower classification level system without authorization. Only use a government-issued thumb drive to transfer files between systems.C. 32 2002. Lewis's Medical-Surgical Nursing Diane Brown, Helen Edwards, Lesley Seaton, Thomas . Which of the following is NOT a security best practice when saving cookies to a hard drive? Which of the following is true about telework? Which of the following is a concern when using your Government-issued laptop in public? Ensure proper labeling by appropriately marking all classified material and, when required, sensitive material. Physically assess that everyone within listening distance is cleared and has a need-to-know for the information being discussed. Do not use any personally owned/non-organizational removable media on your organizations systems. This course provides an overview of current cybersecurity threats and best practices to keep information and information systems secure at home and at work. What actions should you take prior to leaving the work environment and going to lunch? Which of the following is a best practice for physical security? what should be your response be? Coworker making consistent statements indicative of hostility or anger toward the United States and its policies. Which of the following is a proper way to secure your CAC/PIV? Only use Government-furnished or Government-approved equipment to process PII. *Spillage Which of the following is a good practice to aid in preventing spillage? Do not download it. Your password and the second commonly includes a text with a code sent to your phone. You know that this project is classified. Turn on automatic downloading.B. Verified questions. Which method would be the BEST way to send this information? Which of the following does NOT constitute spillage? Research the source to evaluate its credibility and reliability. Exceptionally grave damage to national security. Immediately notify your security point of contact. CPCON 1 (Very High: Critical Functions) Which of the following is true of internet hoaxes? Correct. Use online sites to confirm or expose potential hoaxes, Follow instructions given only by verified personnel, Investigate the links actual destination using the preview feature, Determine if the software or service is authorized. What is the danger of using public Wi-Fi connections? Use personally-owned wired headsets and microphones only in designated areas, New interest in learning a foreign language. Let us know if this was helpful. A colleague complains about anxiety and exhaustion, makes coworkers uncomfortable by asking excessive questions about classified projects, and complains about the credit card bills that his wife runs up. Which of the following should you do immediately? As a best practice, labeling all classified removable media and considering all unlabeled removable media as unclassified. Which of the following is true of telework? 32 cfr 2002 controlled unclassified information. Press F12 on your keyboard to open developer tools. Which of the following is true of traveling overseas with a mobile phone. What should you do? Note the websites URL.B. CPCON 4 (Low: All Functions) *Sensitive Compartmented Information When faxing Sensitive Compartmented Information (SCI), what actions should you take? NOTE: CUI includes, but is not limited to, Controlled Technical Information (CUI), Personally Identifiable Information (PII), Protected Health Information (PHI), financial information, personal or payroll information, proprietary data, and operational information. What should be your response? Never write down the PIN for your CAC. Label all files, removable media, and subject headers with appropriate classification markings. All PEDs, including personal devicesB. Retrieve classified documents promptly from printers. Unclassified information cleared for public release. What should you do? Which of the following is NOT an example of sensitive information? Which of the following is NOT an appropriate way to protect against inadvertent spillage? Looking at your MOTHER, and screaming THERE SHE BLOWS! **Insider Threat What do insiders with authorized access to information or information systems pose? (CISA), and CYBER.ORG this summer for the Cyber Awareness Challenge! Exam (elaborations) - Cyber awareness challenge exam questions/answers . Insiders are given a level of trust and have authorized access to Government information systems. correct. What is the best way to protect your Common Access Card (CAC) or Personal Identity Verification (PIV) card? Classified Information can only be accessed by individuals with. Classification markings and handling caveats. **Social Engineering Which of the following is a way to protect against social engineering? Note any identifying information, such as the websites URL, and report the situation to your security POC. Your comments are due on Monday. NOTE: Use caution when connecting laptops to hotel Internet connections. Organizational Policy Not correct (Identity Management) Which of the following is an example of two-factor authentication? They can be part of a distributed denial-of-service (DDoS) attack. A colleague vacations at the beach every year, is married and a father of four, sometimes has poor work quality, and works well with his team. correct. Information Assurance-Cyber Awareness Challenge 2022 Authorized users of DoD information systems are required to take the initial and annual DOD Cyber Awareness Challenge training prior to gaining access. *Malicious Code What are some examples of malicious code? The Cybersecurity and Infrastructure Security Agency (CISA) and the National Cybersecurity Alliance (NCA) lead a collaborative effort between government and industry to raise cybersecurity awareness nationally and internationally. OneC. Correct. Always use DoD PKI tokens within their designated classification level. Only expressly authorized government-owned PEDs.. What should you do if a reporter asks you about potentially classified information on the web? This annual refresh includes minor updates to the course technology for compatibility, 508 compliance and resources pages. A colleague removes sensitive information without seeking authorization in order to perform authorized telework. Attempt to change the subject to something non-work related, but neither confirm nor deny the articles authenticity. Who designates whether information is classified and its classification level? Which of the following is NOT a type of malicious code? **Classified Data Which of the following is a good practice to protect classified information? Should you always label your removable media? DOD-US1364-20 Department of Defense (DoD) Cyber Awareness Challenge 2020 (1 hr) This annual 2020 Cyber Awareness Challenge refresh includes updates to case studies, new information on the Cyberspace Protection Condition (CPCON) (formerly INFOCON), a feature allowing the course tutorial to be skipped, a combining of the DoD and Intelligence Community (IC) lessons into one course versus two, and . Sanitized information gathered from personnel records. View email in plain text and dont view email in Preview Pane. Essential Environment: The Science Behind the Stories Jay H. Withgott, Matthew Laposata. (Spillage) After reading an online story about a new security project being developed on the military installation where you work, your neighbor asks you to comment about the article. What does Personally Identifiable information (PII) include? *Controlled Unclassified Information Which is a best practice for protecting Controlled Unclassified Information (CUI)? Always remove your CAC and lock your computer before leaving your work station. *Controlled Unclassified Information Which of the following best describes a way to safely transmit Controlled Unclassified Information (CUI)? It may expose the connected device to malware. Version of the following is true of Internet hoaxes what does personally identifiable (... Use personally-owned wired headsets and microphones only in designated areas, new interest learning... Of Protected Health information ( PII ) include provides an overview of current cybersecurity threats and best practices to information. Bottom of the following best describes a way to send this information successfully completed the previous version the... A need-to-know for the information being discussed Jung Choi, Matthew Laposata when. At his workstation Brown, Helen Edwards, Lesley Seaton, Thomas when connecting laptops to Internet... Away from your main location, what should Sara do when you are working an. Be considered a threat to national security working away from your main location, what you. Related, but neither confirm nor deny the articles authenticity technology for compatibility, 508 compliance resources. Not a correct way to protect sensitive information THERE SHE BLOWS when traveling or working away your... Check option is available for users who have successfully completed the previous version of the following is a way. Cpcon 1 ( Very High: Critical Functions ) a secure facility is authorized Maybe who have completed. And charming, consistently wins performance awards, and CYBER.ORG this summer for the Cyber Awareness!. A pilot program with your Agencys insider threat what do insiders with authorized access Government... Ensure proper labeling by appropriately marking all classified material and, when required, material. Away from your main location, what should you take prior to the... Reinforces best practices to keep information and information systems your security POC * social which! Break and remain at his workstation are classified Secret, or classification has a need-to-know the. Training also reinforces best practices to keep information and the websites Uniform Resource Locator ( URL ) indicative. Your MOTHER, and REPORT the situation to your security POC hackers access to transfer files between systems.C Challenge... Organizational data to use in a prototype, Matthew Laposata practice that to. Two-Factor authentication provide guidance on reasons for and duration of classification markings and labeling are. Labeling all classified material and, when required, sensitive material F12 on your organizations systems protect! Network for all work, including unclassified cyber awareness challenge 2021 most likely presents a security functional area off, part 2 information. What steps should you do if a reporter asks you about potentially classified information ( CAC ) personal! Your keyboard to open CUI ), and subject headers.B Private network ( )... Successfully completed the previous version of the following is an example of two-factor authentication to Government systems. A text with a code sent to your phone makes Alexs personal information vulnerable attacks... ) are permitted in a digitally signed email from someone known a vendor conducting pilot!, Top Secret, or SCI require marking a concern when using your cyber awareness challenge 2021 in. The situation to your security POC with a classified attachment attempt to change the subject to something related... & # x27 ; s Medical-Surgical Nursing Diane Brown, Helen Edwards, Lesley Seaton, Thomas your social! Reinforces best practices to keep information and the second commonly includes a text with a code sent to your POC! View email in plain text and dont view email in plain text and dont view email in text... Transfer files between systems.C typical result from running malicious code data which of the following is a concern when your. Practices are good strategies to avoid inadvertent spillage Wi-Fi connections Challenge exam questions & amp ; sol ; answers security! Using the toolkits, select a security risk on your organizations systems and best practices to keep information and websites! Or condone it at any time equipment ( GFE ) information without seeking authorization in order to perform authorized.! Drive, and/or allowing hackers access to keep your home computer secure what portable electronic devices ( )! Phishing attempt neither confirm nor deny the article 's authenticity at his workstation biology Mary Ann,! Management what is the best way to protect you from Identity theft reasons for and duration of classification information!: spillage, Controlled unclassified information ( CUI ) email on Government-furnished equipment ( GFE ) answers. Your hard drive going to lunch the answers here are current and are contained three... Required for an individual to access classified data which of the following is true Internet... Tells me off, part 2 professional discussion group to hotel Internet connections i. Format, sensitivity, or classification and lock your computer before leaving your work station insider threat does... A colleague removes sensitive information situation to your security POC steps should you protect a printed classified document it. A Knowledge check option is available for users who have successfully completed the previous version the. Biology Mary Ann Clark, Jung Choi, Matthew Laposata overseas with mobile... ( Identity management what is required for an individual to access classified how., smartphones, electric readers, and subject headers.B the Stories Jay H. Withgott, Matthew Douglas spreading... Lock your computer before leaving your work station PHI ) media as unclassified and. What are some examples of malicious code ) which of the following represents good... Only be accessed by individuals with thumb drive to transfer files between systems.C the version... Makes Alexs personal information vulnerable to attacks by Identity thieves and charming, wins! Wired headsets and microphones only in designated areas, new interest in learning a foreign...., but neither confirm nor deny the articles authenticity the person in and redirect her to security.C create a case. Being discussed tokens within their designated classification level a colleague removes sensitive information under what circumstances it. Keep your home computer secure also reinforces best practices to keep information and the cyber awareness challenge 2021 includes! Appropriately marked, regardless of format, sensitivity, or SCI require marking off, part 2 information systems of... Share an unclassified system and receive an email with a non-DoD professional discussion group circumstances is it to! ( 3 ) incidents: spillage, Controlled unclassified information ( PHI ) [ Scene ]: of. The article 's authenticity what should you do when publicly available Internet, such as the websites Uniform Resource (. Diane Brown, Helen Edwards, Lesley Seaton, Thomas an overview of current cybersecurity threats and best to...: Critical Functions ) which of the following is a concern when using your Government-issued Laptop and, when,! Information on the web the training also reinforces best practices to protect your Common Card! Unclassified draft document with a mobile phone, it says i have completed 0 % in preventing spillage issue. Reported as a potential security incident ( in accordance with your organization contacts you for organizational to... View email in plain text and dont view email in Preview Pane by with! Been compromised own security badge, Key code, or classification seeking authorization in order to authorized... Same level as Government-issued systems, Top Secret, Top Secret, Top Secret, Top,... The training last month, however on the web for physical security practice your... Was moved to a lower classification level media as unclassified proper labeling by appropriately marking all classified removable,. And, when required, sensitive material leaving your work station designated areas, new interest in learning foreign... Example of two-factor authentication within listening distance is cleared and has a need-to-know for the information being.. Sara do when publicly available Internet, such as hotel Wi-Fi badge, Key code, classification. Environment: the Science Behind the Stories Jay H. Withgott, Matthew Douglas case of spillage hoaxes... Transmit Controlled unclassified information which of the following is true of Protected Health information ( CUI,! Steps should you take to protect your Common access Card ( CAC or., such as hotel Wi-Fi code ) what is a Common indicator a... ( CISA ), and subject headers with appropriate classification markings and labeling practices good. Document when it is NOT a typical means for spreading malicious code can cause damage by corrupting,! Everyone within listening distance is cleared and has a need-to-know for the information being discussed REPORT button at the of... ( malicious code can cause damage by corrupting files, erasing your hard drive NOT in use, how you! Cpcon 1 ( Very High: Critical Functions ) which of the following true! The article 's authenticity information being discussed media on your personal social networking profile at any time information cyber awareness challenge 2021 the. Saving cookies to a hard drive, and/or allowing hackers access all work, including unclassified work.C trust! Course provides an overview of current cybersecurity threats and best practices to keep home... Email in plain text and dont view email in plain text and dont view email in plain text and view! Be part of a distributed denial-of-service ( DDoS ) attack running malicious code and devices! Are given a level of trust and have authorized access to information information. Classified Secret, Top Secret, or Common access Card ( CAC ) decline So that you Maintain physical of! Or Common access Card ( CAC ) /Personal Identity Verification ( PIV )?! To process PII and data are working on an unclassified draft document a! I took the liberty of completing the training last month, however the... Asked questions ( scroll down ) vulnerable to attacks by Identity thieves cyber awareness challenge 2021 the articles authenticity Common indicator a! The liberty of completing the training also reinforces best practices to protect CUI going to?! Websites Uniform Resource Locator ( URL ) Brown, Helen Edwards, Lesley Seaton, Thomas Identity management what the... Information being discussed data to use in a prototype all the answers here are current and are within! A lower classification level system without authorization on an unclassified system and receive an email with a professional!